Headline
RHSA-2023:2123: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-04
Updated:
2023-05-04
RHSA-2023:2123 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libreswan security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).
Security Fix(es):
- libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan (CVE-2023-30570)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
x86_64
libreswan-4.5-1.el8_6.1.x86_64.rpm
SHA-256: a4f16d0850c32cdd1e367ebea791fd0ac12f2b133890ce67a74726b66fd61129
libreswan-debuginfo-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 26896a18ee9eda8d2e3c44e057ba5c6af5cabc11c76dd6ac15a8bb7a47536154
libreswan-debugsource-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 9b9358b85b674ec6711f8533899818a0454fd62aaced846a19887c7c712c9db5
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
x86_64
libreswan-4.5-1.el8_6.1.x86_64.rpm
SHA-256: a4f16d0850c32cdd1e367ebea791fd0ac12f2b133890ce67a74726b66fd61129
libreswan-debuginfo-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 26896a18ee9eda8d2e3c44e057ba5c6af5cabc11c76dd6ac15a8bb7a47536154
libreswan-debugsource-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 9b9358b85b674ec6711f8533899818a0454fd62aaced846a19887c7c712c9db5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
s390x
libreswan-4.5-1.el8_6.1.s390x.rpm
SHA-256: 014ab702d8aba3de1c5ab95ed00e5b54c46a2d0265220c855ca9cd237b0784aa
libreswan-debuginfo-4.5-1.el8_6.1.s390x.rpm
SHA-256: 3561a7c1163ecef7a7bfc1aabf6edc40983145d09c280f72193f1b5c48b1af3a
libreswan-debugsource-4.5-1.el8_6.1.s390x.rpm
SHA-256: 7074bf915e28167ffc359207340884efd9c8b696a6b1ad47f30f1f1a21c66b54
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
ppc64le
libreswan-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: dc0c712e110c0e46bce337cc5751681de271832208d1fd97b98997672011da82
libreswan-debuginfo-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: d3c49e00f55c001f8de580009092ac9d7f8fed9060c3a42f67aa90e4865c7f71
libreswan-debugsource-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: ddc1fa0be69e7c83002c9bb4db222f090351b124bfae2539369ae8a500d71cd6
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
x86_64
libreswan-4.5-1.el8_6.1.x86_64.rpm
SHA-256: a4f16d0850c32cdd1e367ebea791fd0ac12f2b133890ce67a74726b66fd61129
libreswan-debuginfo-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 26896a18ee9eda8d2e3c44e057ba5c6af5cabc11c76dd6ac15a8bb7a47536154
libreswan-debugsource-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 9b9358b85b674ec6711f8533899818a0454fd62aaced846a19887c7c712c9db5
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
aarch64
libreswan-4.5-1.el8_6.1.aarch64.rpm
SHA-256: 5022c2a033395844e1d562b09f4e522a008a2304164a75108d4d3a986c1fed95
libreswan-debuginfo-4.5-1.el8_6.1.aarch64.rpm
SHA-256: 2954d358ef721814c62f3cfb6c6cac850da2b5231b730fe2ccabda8cc5eda3b4
libreswan-debugsource-4.5-1.el8_6.1.aarch64.rpm
SHA-256: 8f10e3f3d64ceadd6981389ea2b673a8ace0170f1198c37aa0ad47cf322d0d3f
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
ppc64le
libreswan-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: dc0c712e110c0e46bce337cc5751681de271832208d1fd97b98997672011da82
libreswan-debuginfo-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: d3c49e00f55c001f8de580009092ac9d7f8fed9060c3a42f67aa90e4865c7f71
libreswan-debugsource-4.5-1.el8_6.1.ppc64le.rpm
SHA-256: ddc1fa0be69e7c83002c9bb4db222f090351b124bfae2539369ae8a500d71cd6
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
libreswan-4.5-1.el8_6.1.src.rpm
SHA-256: 665d17944ff88e994515e8e754071af9d8377cf8a3a02dd94117d4a9a528bc77
x86_64
libreswan-4.5-1.el8_6.1.x86_64.rpm
SHA-256: a4f16d0850c32cdd1e367ebea791fd0ac12f2b133890ce67a74726b66fd61129
libreswan-debuginfo-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 26896a18ee9eda8d2e3c44e057ba5c6af5cabc11c76dd6ac15a8bb7a47536154
libreswan-debugsource-4.5-1.el8_6.1.x86_64.rpm
SHA-256: 9b9358b85b674ec6711f8533899818a0454fd62aaced846a19887c7c712c9db5
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
Red Hat Security Advisory 2023-3148-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response ...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...